
Joomla! Cleartext Password Disclosure

High

Synopsis

The installed Joomla! web application does not run over TLS, leaving usernames and passwords transmitted in cleartext over HTTP.

Description

Joomla! is an open source content management system written in PHP. When authentication and other sensitive data are not encrypted in transit between client and server, an attacker who can sniff network traffic may use this flaw to gain unauthorized access to this server's administrator web interface.

Solution

Require the Joomla! web server to encrypt traffic associated with authentication or any sensitive data.